diff --git a/otter/auth.py b/otter/auth.py index 720b9a8d3..0e964d55a 100644 --- a/otter/auth.py +++ b/otter/auth.py @@ -261,10 +261,10 @@ def authenticate_tenant(self, tenant_id, log=None): see :meth:`IAuthenticator.authenticate_tenant` """ auth = partial(self._auth_me, log=log) - + # Update the user_for_tenant function to + # use v2.0 API version only d = user_for_tenant(self._admin_url, - self._identity_admin_user, - self._identity_admin_password, + self._token, tenant_id, log=log) def impersonate(user): @@ -371,7 +371,7 @@ def endpoints_for_token(auth_endpoint, identity_admin_token, user_token, return d -def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): +def user_for_tenant(auth_endpoint, token, tenant_id, log=None): """ Use a super secret API to get the special actual username for a tenant id. @@ -383,14 +383,14 @@ def user_for_tenant(auth_endpoint, username, password, tenant_id, log=None): :return: Username of the magical identity:user-admin user for the tenantid. """ d = treq.get( - append_segments(auth_endpoint.replace('v2.0', 'v1.1'), 'mosso', str(tenant_id)), - auth=(username, password), + append_segments(auth_endpoint, 'users'), + headers=headers(token), allow_redirects=False, log=log) - d.addCallback(check_success, [301]) - d.addErrback(wrap_upstream_error, 'identity', 'mosso', auth_endpoint) + d.addCallback(check_success, [200, 203]) + d.addErrback(wrap_upstream_error, 'identity', 'users', auth_endpoint) d.addCallback(treq.json_content) - d.addCallback(lambda user: user['user']['id']) + d.addCallback(lambda user: user['users'][0]['username']) return d diff --git a/otter/test/test_auth.py b/otter/test/test_auth.py index e80dbfe5c..9c41126c9 100644 --- a/otter/test/test_auth.py +++ b/otter/test/test_auth.py @@ -36,7 +36,7 @@ ) from otter.effect_dispatcher import get_simple_dispatcher from otter.test.utils import SameJSON, iMock, mock_log, patch -from otter.util.http import APIError, UpstreamError +from otter.util.http import APIError, UpstreamError, headers expected_headers = {'accept': ['application/json'], @@ -299,18 +299,18 @@ def test_user_for_tenant(self): the list of users for a given tenant. """ response = mock.Mock(code=200) - response_body = {'user': {'id': 'ausername'}} + response_body = {'users': [{'username': 'ausername'}]} self.treq.json_content.return_value = succeed(response_body) self.treq.get.return_value = succeed(response) - d = user_for_tenant('http://identity/v2.0', 'username', 'password', + d = user_for_tenant('http://identity/v2.0', 'auth-token', 111111, log=self.log) self.assertEqual(self.successResultOf(d), 'ausername') self.treq.get.assert_called_once_with( - 'http://identity/v1.1/mosso/111111', - auth=('username', 'password'), + 'http://identity/v2.0/users', + headers=headers('auth-token'), allow_redirects=False, log=self.log) def test_user_for_tenant_propagates_errors(self): @@ -453,6 +453,7 @@ def setUp(self): self.admin_url = 'http://identity_admin/v2.0' self.user = 'service_user' self.password = 'service_password' + self.token = 'auth-token' self.ia = ImpersonatingAuthenticator(self.user, self.password, self.url, self.admin_url) self.log = mock.Mock() @@ -508,16 +509,16 @@ def test_authenticate_tenant_gets_user_for_specified_tenant(self): endpoint. """ self.successResultOf(self.ia.authenticate_tenant(111111)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + None, + 111111, log=None) - self.user_for_tenant.reset_mock() self.successResultOf(self.ia.authenticate_tenant(111111, log=self.log)) - self.user_for_tenant.assert_called_once_with(self.admin_url, self.user, - self.password, 111111, + self.user_for_tenant.assert_called_once_with(self.admin_url, + None, 111111, log=self.log) def test_authenticate_tenant_impersonates_first_user(self):